{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32586", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:12:57.709Z", "datePublished": "2026-03-17T08:24:13.299Z", "dateUpdated": "2026-04-01T16:00:45.860Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woocommerce-jetpack", "product": "Booster for WooCommerce", "vendor": "Pluggabl", "versions": [{"changes": [{"at": "7.11.3", "status": "unaffected"}], "lessThanOrEqual": "7.11.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Ba Khanh | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:44:06.931Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Booster for WooCommerce: from n/a through < 7.11.3.</p>"}], "value": "Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through < 7.11.3."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T16:00:45.860Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/woocommerce-jetpack/vulnerability/wordpress-booster-for-woocommerce-plugin-7-11-3-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T12:58:16.113686Z", "id": "CVE-2026-32586", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T12:58:30.886Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32586", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T12:58:16.113686Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T12:58:21.043Z"}}], "cna": {"tags": ["x_open-source"], "title": "WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nguyen Ba Khanh | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Pluggabl", "product": "Booster for WooCommerce", "versions": [{"status": "affected", "changes": [{"at": "7.11.3", "status": "unaffected"}], "version": "n/a", "lessThan": "7.11.3", "versionType": "custom"}], "packageName": "woocommerce-jetpack", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress Booster for WooCommerce Plugin to the latest available version (at least 7.11.3).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress Booster for WooCommerce Plugin to the latest available version (at least 7.11.3).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/woocommerce-jetpack/vulnerability/wordpress-booster-for-woocommerce-plugin-7-11-3-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a before 7.11.3.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Booster for WooCommerce: from n/a before 7.11.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-17T08:24:13.299Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32586", "state": "PUBLISHED", "dateUpdated": "2026-03-17T12:58:30.886Z", "dateReserved": "2026-03-12T11:12:57.709Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-17T08:24:13.299Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through < 7.11.3."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Pluggabl Booster para WooCommerce permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Booster para WooCommerce: desde n/d antes de 7.11.3."}], "id": "CVE-2026-32586", "lastModified": "2026-04-01T17:28:39.247", "metrics": {}, "published": "2026-03-17T09:16:14.440", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/woocommerce-jetpack/vulnerability/wordpress-booster-for-woocommerce-plugin-7-11-3-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.11.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Booster for WooCommerce", "source": "cna", "vendor": "Pluggabl"}, "product": "booster_for_woocommerce", "vendor": "pluggabl"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-02T05:05:46.036076+00:00", "value": {"mitigation_remediation": ["Apply the latest Booster for WooCommerce update (v7.11.3 or later).", "If updating immediately is not possible, temporarily remove or disable the plugin from the site.", "Review and restrict user role permissions to prevent unintended elevation that could exploit the bug.", "Monitor site logs for unusual activity or unauthorized access attempts."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized access leading to potential data compromise"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Pluggabl Booster for WooCommerce plugin (also known as woocommerce\u2011jetpack) on WordPress installations. All versions up to, but not including, 7.11.3 are susceptible. Users should verify whether their site is running any version prior to 7.11.3 and replace the plugin if so.", "description_and_impact": "The flaw is a missing authorization check that permits users to access protected parts of the Booster for WooCommerce plugin without proper permissions. This missing authorization is a classic privilege escalation flaw (CWE-862) and could allow an attacker to read or modify e\u2011commerce data, impacting confidentiality, integrity, and potentially availability of the store.", "risk_and_exploitability": "The EPSS score of less than 1% suggests that exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. However, because the flaw allows unauthorized access, the potential impact is high if an attacker can reach the affected components. The attack vector is inferred to be through authenticated user levels that mistakenly have elevated privileges, or via misconfigured access controls; no direct remote code execution is described."}}}}, "created": "2026-03-17T09:51:52.704439+00:00", "updated": "2026-04-02T08:00:07.590525+00:00", "vendors": ["pluggabl", "pluggabl$PRODUCT$booster_for_woocommerce", "wordpress", "wordpress$PRODUCT$wordpress"]}